Security Compliance Manager

Security Compliance Manager

Vacancy expired!

Essential Functions & Responsibilities Include:

• Audit user and system security configurations for compliance with internal and external requirements


• Performs audits and follow-up on corrective actions; Participate in internal audit activities performed for compliance verification; Interact and coordinate with appropriate business unit resources for audit participation


• Functions as a liaison between business units with compliance responsibilities to collect, report, and retain compliance documentation and reports


• Prepares and provides updates for monthly internal and external compliance reports


• Provides information to management regarding negative business impact caused by violation of confidentiality, integrity or availability of information and information systems


• Provides ongoing guidance and support to the organization to promote a progressive and sustainable compliance culture


• Document and maintains risk-based compliance policies and procedures; Develop various materials for use on ITS's compliance intranet site


• Coordinate training materials and monitoring records and the distribution of regulatory information to the appropriate personnel


• Implement and maintains operational plans for key control activities to ensure compliance with regulatory, legal, and corporate or functional related policies and procedures ;Responds to internal and external inquiries and requests for information to clarify regulatory requirements


• Assist in development of processes to identify, quantify, analyze, and report on Technology Risk and Compliance status


• Identify ongoing process improvements, operational gaps, and potential remediation steps; assist and/or lead process re-design and coordination of remediation efforts and remediation status reporting


• Maintains knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures and issues, and assist in leading internal efforts to ensure the organization remains compliant with such laws and regulations


• Lead and/or participate in special project teams supporting general business initiatives outside of the primary security function


• Perform other duties as assigned

Requirements:

• Eight (8) years of related work experience, including a combination of at least three (3) years of progressively responsible experience in Internal Auditing and five (5) years of experience in internal control projects in the private industry.

Education:

• Bachelor Degree in Computer Science or related discipline, or equivalent combination of education and experience required.


• Risk management, governance or security certification (CRISC, CGEIT, CISSP, CISM, CISA) or ability to obtain within six months.


• Project Management certification (PMP) preferred.

Knowledge, Skills, & Abilities:

• Demonstrate behaviors based on values: Excellence, Innovation, Leadership, Passion and Trust


• Working knowledge of NACHA, SSAE 16 and PCI requirements


• Working knowledge of ISO27000 series of standards, PCI, COBIT, ITIL, and Sarbanes Oxley rules surrounding IT


• Working knowledge of OFAC, BSA, GLBA, Patriot Act and other Federal or State laws that impact National Security requirements or privacy


• Strong communication skills, including written skills relating to issue documentation and reporting to executive management and the audit committee


• Understands application of security concepts across a broad scope of information technology areas including data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery


• Ability to exercise discretion and good judgment in making decisions; Understanding of security/controls risk vs. business impact to inform decision making


• Ability to maintain confidentiality of materials handled